Details

    • Type: Technical task
    • Status: Approved
    • Priority: TBD
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels: None
    • Complexity: Undetermined
    • Sprint:
      Ref App 2.11 Release Sprint 3, Ref App 2.12 Priorities

      Description

      The phone number field for patient contact info is vulnerable to XSS when editing an existing patient's contact info.
      Further, that field should validate for phone numbers, as now it allows for arbitrary characters.
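
One way to address both points in the description, as an added example that is not the project's code or the fix that was applied: an allowlist check when the value is saved, and HTML encoding when a stored value is rendered back into the edit form (existing records may already hold bad data). The function names, the `phoneNumber` field name and the length limits are assumptions.

```javascript
// Hypothetical helpers for illustration; names and limits are assumptions.
const PHONE_ALLOWED = /^\+?[0-9 ().-]+$/; // optional leading +, then digits and separators only
const MIN_DIGITS = 5;   // assumed lower bound
const MAX_DIGITS = 15;  // E.164 upper bound on digits
const MAX_LENGTH = 32;  // assumed cap on the raw string

// Server-side validation: reject anything outside the allowlist before storing.
function validatePhoneNumber(input) {
  if (typeof input !== "string") return { ok: false, reason: "not a string" };
  const value = input.trim();
  if (value.length === 0) return { ok: false, reason: "empty" };
  if (value.length > MAX_LENGTH) return { ok: false, reason: "too long" };
  if (!PHONE_ALLOWED.test(value)) return { ok: false, reason: "illegal character" };
  const digits = value.replace(/\D/g, "").length;
  if (digits < MIN_DIGITS || digits > MAX_DIGITS) return { ok: false, reason: "digit count" };
  return { ok: true, value };
}

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding for HTML text and quoted attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Render the edit form field; the stored value is encoded even if it was
// saved before validation existed.
function renderPhoneInput(storedValue) {
  return `<input type="tel" name="phoneNumber" value="${escapeHtml(storedValue)}">`;
}

// Save path: the record is only modified when validation passes.
function savePhoneNumber(record, input) {
  const result = validatePhoneNumber(input);
  if (!result.ok) return { saved: false, reason: result.reason };
  record.phoneNumber = result.value;
  return { saved: true };
}
```

Validation alone does not protect records written before the check existed, which is why the render path encodes independently of it.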

          Attachments

          1. cross-site-scripting.png (62 kB)
          2. execution-at-page-load.png (53 kB)
          3. XSS-confirm.png (65 kB)

                People

                Assignee:
                dkayiwa Daniel Kayiwa
                Reporter:
                agyori Alex Gyori
                Votes:
                0
                Watchers:
                2